Aggregate and Verifiably Encrypted Signatures From Bilinear Maps

An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message Mi for i = 1; : : : ; n). In this paper the authors introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. They construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham.